From 830ca14118bf21805aa700ea4afd219958bc4ba7 Mon Sep 17 00:00:00 2001
From: Marco Nenciarini
Date: Mon, 28 Feb 2022 16:03:44 +0100
Subject: [PATCH] Revert "Switch to cloud-init for host initialization"
This reverts commit 5f7d47783b894db66e8625b3847e614e76eba178. This reverts commit 33c62d0c42aee97120e96477b0d1acea2d3d41af.
---
 locals.tf | 4 +-
 modules/host/locals.tf | 55 +++++++++++++++++++-
 modules/host/main.tf | 64 +++++++++---------------
 modules/host/templates/boothook.sh.tpl | 5 --
 modules/host/templates/userdata.yaml.tpl | 45 -----------------
 modules/host/versions.tf | 4 --
 6 files changed, 79 insertions(+), 98 deletions(-)
 delete mode 100644 modules/host/templates/boothook.sh.tpl
 delete mode 100644 modules/host/templates/userdata.yaml.tpl
diff --git a/locals.tf b/locals.tf
index d4fec46..0fe2a8c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -145,9 +145,9 @@ locals {
 "[ -e /etc/rancher/k3s/k3s.yaml ] && exit 0",
 ]
- install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"])
+ install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"])
- install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"])
+ install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"])
 agent_nodepools = merge([
 for nodepool_name, nodepool_obj in var.agent_nodepools : {
diff --git a/modules/host/locals.tf b/modules/host/locals.tf
index 2da653d..08306d6 100644
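Review bot: Both `install_k3s_server` and `install_k3s_agent` in the root `locals.tf` hunk now set `INSTALL_K3S_SKIP_SELINUX_RPM=true` with no comment saying why, so a maintainer cannot tell from these lines whether the k3s SELinux policy reaches the nodes some other way or the nodes are meant to run without it. A comment above the two locals would settle it, for example `# k3s-selinux RPM skipped because <reason>; policy comes from <mechanism> / SELinux is not enforcing on these hosts`. Separately, the installer is still fetched from `https://get.k3s.io` and piped straight into `sh` while following a channel rather than a fixed release, so each provisioning run trusts whatever that URL serves at that moment. Pinning the release with `INSTALL_K3S_VERSION`, or running a downloaded copy only after comparing it with a known hash, would narrow that exposure. The `locals` block begins and ends outside the hunk.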
--- a/modules/host/locals.tf +++ b/modules/host/locals.tf @@ -15,7 +15,60 @@ locals { "set -ex", "apt-get update", "apt-get install -y aria2", - "aria2c --follow-metalink=mem https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-OpenStack-Cloud.qcow2.meta4", + "aria2c --follow-metalink=mem https://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-kvm-and-xen.qcow2.meta4", "qemu-img convert -p -f qcow2 -O host_device $(ls -a | grep -ie '^opensuse.*microos.*qcow2$') /dev/sda", + "sgdisk -e /dev/sda", + "parted -s /dev/sda resizepart 4 99%", + "parted -s /dev/sda mkpart primary ext2 99% 100%", + "partprobe /dev/sda && udevadm settle && fdisk -l /dev/sda", + "mount /dev/sda4 /mnt/ && btrfs filesystem resize max /mnt && umount /mnt", + "mke2fs -L ignition /dev/sda5", + "mount /dev/sda5 /mnt", + "mkdir /mnt/ignition", + "cp /root/config.ign /mnt/ignition/config.ign", + "mkdir /mnt/combustion", + "cp /root/script /mnt/combustion/script", + "umount /mnt" ] + + ignition_config = jsonencode({ + ignition = { + version = "3.0.0" + } + passwd = { + users = [{ + name = "root" + sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys) + }] + } + storage = { + files = [ + { + path = "/etc/sysconfig/network/ifcfg-eth1" + mode = 420 + overwrite = true + contents = { "source" = "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" } + }, + { + path = "/etc/ssh/sshd_config.d/kube-hetzner.conf" + mode = 420 + overwrite = true + contents = { "source" = "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" } + } + ] + } + }) + + combustion_script = < /etc/transactional-update.conf", + # set the hostname + "hostnamectl set-hostname ${self.name}" + ] + } } resource "hcloud_server_network" "server" { 
@@ -56,33 +68,3 @@ resource "hcloud_server_network" "server" {
 server_id = hcloud_server.server.id
 subnet_id = var.ipv4_subnet_id
 }
-
-data "template_cloudinit_config" "config" {
- gzip = true
- base64_encode = true
-
- # Main cloud-config configuration file.
- part {
- filename = "init.cfg"
- content_type = "text/cloud-config"
- content = templatefile(
- "${path.module}/templates/userdata.yaml.tpl",
- {
- hostname = var.name
- sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
- }
- )
- }
-
- # Initialization script (runs at every reboot)
- part {
- content_type = "text/cloud-boothook"
- filename = "boothook.sh"
- content = templatefile(
- "${path.module}/templates/boothook.sh.tpl",
- {
- hostname = var.name
- }
- )
- }
-}
diff --git a/modules/host/templates/boothook.sh.tpl b/modules/host/templates/boothook.sh.tpl
deleted file mode 100644
index 0b1f461..0000000
--- a/modules/host/templates/boothook.sh.tpl
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-#cloud-boothook
-
-# Fix hostname after reboot
-hostnamectl hostname "${hostname}"
diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl
deleted file mode 100644
index c685b6e..0000000
--- a/modules/host/templates/userdata.yaml.tpl
+++ /dev/null
@@ -1,45 +0,0 @@
-#cloud-config
-write_files:
-
-# Configure private network
-- content: |
- BOOTPROTO='dhcp'
- STARTMODE='auto'
- path: /etc/sysconfig/network/ifcfg-eth1
-
-# Disable ssh password authentication
-- content: |
- PasswordAuthentication no
- X11Forwarding no
- MaxAuthTries 2
- AllowTcpForwarding no
- AllowAgentForwarding no
- AuthorizedKeysFile .ssh/authorized_keys
- path: /etc/ssh/sshd_config.d/kube-hetzner.conf
-
-# Setting the right reboot mode
-- content: |
- REBOOT_METHOD=kured
- path: /etc/transactional-update.conf
- append: true
-
-# Add ssh authorized keys
-ssh_authorized_keys:
-%{ for key in sshAuthorizedKeys ~}
- - ${key}
-%{ endfor ~}
-
-runcmd:
-
-# Activate the private network
-- systemctl reload network
-
-# Activate ssh configuration
-- systemctl reload sshd
-
-# Fix hostname (during first boot)
-- hostnamectl hostname ${hostname}
-
-# Finishing automatic reboot via Kured setup
-- systemctl reload transactional-update
-- rebootmgrctl set-strategy off
\ No newline at end of file
diff --git a/modules/host/versions.tf b/modules/host/versions.tf
index 7c8da9d..fe79022 100644
--- a/modules/host/versions.tf
+++ b/modules/host/versions.tf
@@ -12,9 +12,5 @@ terraform {
 source = "tenstad/remote"
 version = "~> 0.0.23"
 }
- template = {
- source = "hashicorp/template"
- version = "~> 2.2.0"
- }
 }
 }